Many large organizations have thousands of resources available for their employees and customers to use. These resources may be segregated and stored in various application domains that restrict access to the resources, effectively keeping them separate. In order to access the resources, a user or employee must go through a system known as an access manager. An access manager may comprise an enterprise-level solution that centralizes critical access control services to provide an integrated solution for authentication, authorization, Web single sign-on, policy administration, enforcement agent management, session control, systems monitoring, reporting, logging, and auditing. An access manager may control access for numerous users located in various locations. Further, access manager may be associated with numerous application domains, and may control access to each of the individual resources within the application domains.
After a user has been authenticated and authorized to access the resource, an authenticated session may be established. However, the nature of threats to the enterprise has become more sophisticated—witness the rise of malware, session hijacking, botnets, social engineering, phishing, pharming, and keyboard logging, to name a few. Security in today's dynamic business environment must not only be nimble enough to adapt to these external threats but it must also protect against internal threats as well. Passive security and compliance measures are no longer good enough for today's complex and ever changing security climate.